diff --git a/lib/omniauth/strategy.rb b/lib/omniauth/strategy.rb
index d8468bc..2d5018a 100644
--- a/lib/omniauth/strategy.rb
+++ b/lib/omniauth/strategy.rb
@@ -299,7 +299,6 @@ module OmniAuth
 # in test mode.
 def mock_call!(*)
 begin
- OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
 return mock_request_call if on_request_path? && OmniAuth.config.allowed_request_methods.include?(request.request_method.downcase.to_sym)
 return mock_callback_call if on_callback_path?
 rescue StandardError => e
@@ -313,7 +312,10 @@ module OmniAuth
 setup_phase
 session['omniauth.params'] = request.GET
+
+ OmniAuth.config.request_validation_phase.call(env) if OmniAuth.config.request_validation_phase
 OmniAuth.config.before_request_phase.call(env) if OmniAuth.config.before_request_phase
+
 if options.origin_param
 if request.params[options.origin_param]
 session['omniauth.origin'] = request.params[options.origin_param]
diff --git a/spec/omniauth/strategy_spec.rb b/spec/omniauth/strategy_spec.rb
index d8d633b..89b96be 100644
--- a/spec/omniauth/strategy_spec.rb
+++ b/spec/omniauth/strategy_spec.rb
@@ -1001,6 +1001,26 @@ describe OmniAuth::Strategy do
 OmniAuth.config.test_mode = false
 expect(strategy.call(make_env).first).to eq 302
 end
+
+ context 'when in test mode and path not on request path' do
+ let(:path) { '/foo/bar' }
+
+ before do
+ OmniAuth.config.test_mode = true
+ OmniAuth.config.request_validation_phase = OmniAuth::AuthenticityTokenProtection
+ allow(OmniAuth::AuthenticityTokenProtection).to receive(:call).and_raise(OmniAuth::AuthenticityError)
+ end
+
+ it 'does not verify token' do
+ expect(strategy).not_to receive(:fail!)
+ strategy.call(make_env(path))
+ end
+
+ after do
+ OmniAuth.config.test_mode = false
+ OmniAuth.config.request_validation_phase = false
+ end
+ end
 end
 context 'setup phase' do
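Review bot: In the second hunk of lib/omniauth/strategy.rb the added validation call runs after `session['omniauth.params'] = request.GET`, so a request that fails `request_validation_phase` has already had its query parameters written to the session. If the non-mock request path validates before touching the session (not visible here), move the added line above the session write so test mode mirrors it. Otherwise a short comment such as `# Validate on the request path only; callback and unrelated paths must not trigger the authenticity check.` would record why the call left `mock_call!`. The enclosing method starts and ends outside the hunk.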
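Review bot: The `after` hook in the new spec context sets `OmniAuth.config.request_validation_phase = false` instead of restoring the previous value, so request validation may stay switched off for examples that run later in the same process unless a global reset exists outside this hunk. Capture the value in `before` with `@previous_validation_phase = OmniAuth.config.request_validation_phase` and restore it in `after` with `OmniAuth.config.request_validation_phase = @previous_validation_phase`. The new example also covers only the off-path case; a companion example asserting that a test-mode request on the request path still reaches `fail!` when validation raises would pin the behaviour that the strategy.rb change relocates.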